Lead application security reviews, threat modeling, and secure code review for new features and significant product changes.
Operate and improve SAST, DAST, and SCA tooling, triage findings, and partner with engineering teams to harden the codebase.
Plan and execute internal penetration tests against web applications, APIs, and mobile clients, and own the vulnerability management lifecycle.
ButterflyMX empowers people to automate property access, operations, and security from a single platform, serving over 20,000 properties worldwide. As a distributed, primarily remote workforce, they seek intelligent, passionate, and collaborative individuals driven by a shared commitment to excellence and innovation.
Own key security domains such as vulnerability management, application security, API security, and supply chain security.
Partner with engineering teams to integrate security into design reviews, threat modeling, CI/CD pipelines, and developer workflows.
Develop and improve security tooling and automation to reduce manual effort and leverage AI for triage and detection.
NinjaTrader is an industry-leading trading platform and futures broker that empowers traders with award-winning software and brokerage services. Since 2003, the company has grown to over 2 million users and is the number one rated futures brokerage worldwide, fostering a dynamic culture focused on social connection, professional development, and employee recognition.
Conduct threat modelling reviews of Technical Design Documents (TDDs) and provide actionable security recommendations early in the design process.
Perform application security assessments, including penetration testing, vulnerability assessments, and proof-of-concept development.
Investigate, triage, and respond to Bug Bounty program submissions, validating findings and driving timely remediation with engineering teams.
MoonPay is a unified payments platform for digital currency. Trusted by over 30 million customers and over 500 ecosystem partners, the company is committed to building a fairer, more open financial system with a culture of accountability and inclusivity.
Jobgether uses an AI-powered matching process to connect candidates with hiring companies quickly and objectively. They are a remote-first, globally distributed company with an inclusive engineering culture.
Architect, design, and implement end-to-end security solutions including firewalls, intrusion detection, and cloud security controls.
Collaborate with DevOps to integrate security into CI/CD pipelines and automate secure deployments.
Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations.
Figure is transforming capital markets through blockchain, powering real products used by hundreds of thousands of consumers and institutions. With over 170 partners and $22 billion in home equity loans originated, Figure is the largest non-bank provider of home equity financing in the U.S., recognized as one of Forbes' Most Innovative Fintech Startups in 2025.
Triage, validate, and remediate security vulnerabilities across products, infrastructure, and internal systems.
Develop, maintain, and contribute to internal and open-source security tooling, writing production-grade code.
Improve secure development practices through code reviews, threat modeling, and security design reviews.
Tiger Data provides the fastest PostgreSQL platform for transactional, analytical, and agentic workloads. With over 2,000 customers and 3 million active databases, it is a remote-first team backed by $180 million in funding.
Configure, deploy, and maintain security tools across cloud-native environments.
Integrate security tooling into existing software development and deployment workflows.
Partner with engineering teams to implement security best practices throughout the software development lifecycle.
Sphinx builds modern, scalable software to solve complex national security problems in Space. Founded by engineers and technologists with deep experience across commercial and defense technology, they emphasize collaboration, transparency, and individual responsibility in a growing team.
Partner with Product and Engineering teams to integrate security into application design and development, leading threat modeling and secure code reviews.
Develop and implement automated security guardrails across the SDLC, investigate and prioritize application security findings.
Promote secure coding practices through training and coaching, and create security standards and procedures that scale across teams.
Quanata is an insurance technology innovation company that engineers advanced risk prediction and prevention solutions and builds a full-stack, flexible, digital & increasingly AI-native insurance platform. We are a remote-first company wholly owned and funded by State Farm, with a culture that prioritizes inclusivity and positive collaboration.
Lead implementation and optimization of AppSec tools such as SAST, DAST, and SCA across client environments.
Conduct manual application and API security assessments, identifying vulnerabilities and recommending remediation strategies.
Advise clients on secure SDLC practices and integrate security tools into CI/CD pipelines.
The company is a cybersecurity consulting firm that helps organizations design and operationalize application security programs. It operates with a remote-first culture and a collaborative, client-facing team.
Deliver Application Security services including threat modeling, architecture reviews, and program assessments.
Author comprehensive reports tailored to technical and managerial audiences with remediation strategies.
Contribute to practice development and mentor team members while embracing emerging technologies.
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services to help organizations minimize risk. With over 1,200 employees, the company fosters a collaborative culture focused on mentorship and knowledge sharing.
Design and implement security automation solutions to improve scalability, reliability, and efficiency across security and compliance operations.
Build security telemetry capabilities for continuous control evidence collection, monitoring, and real-time risk visibility.
Develop automation frameworks and identity management solutions for provisioning, access governance, and scalable workflows.
Jobgether is a platform that uses AI-powered matching to connect candidates with hiring companies. They are a fast-growing technology environment offering remote-friendly work and opportunities for global collaboration.
Conduct application security reviews including threat modeling, code review, and risk assessment for new features.
Perform and improve SAST/DAST operations, triage, validation, and remediation tracking in CI/CD pipelines.
Apply and improve AI security review processes for LLM-integrated features and agentic attack surfaces.
Monarch is a powerful, all-in-one personal finance platform designed to simplify money management. They are a fully remote team of do-ers led by experienced entrepreneurs, passionate about building a product people love.
Partner with engineering, product, and DevOps teams to integrate security practices throughout the SDLC, focusing on cloud-native environments and automated pipelines.
Design, implement, and maintain security tooling and gates within CI/CD pipelines covering SAST, DAST, SCA, secrets detection, and container scanning.
Lead threat modeling, conduct application security assessments including code review and manual penetration testing, and triage bug bounty reports.
Hyland is the pioneer of the Content Innovation Cloud, delivering ubiquitous enterprise intelligence to organizations. With a team of nearly 4,000 employees, the company fosters an employee-centric culture focused on community impact and innovation.
Secure AI systems and use AI to scale security, conducting security reviews and threat modeling of AI-integrated product features.
Deliver end-to-end application security reviews for high-risk features, working directly with engineering teams to surface and close risk.
Advance CI/CD pipeline security by operating and evolving security scanning controls in GitLab pipelines.
Smartsheet empowers teams to manage work and scale solutions by uniting human teams with AI agents. They are a large company with over 20 years of experience, fostering a culture where ideas are heard and contributions have real impact.
Design and ship scalable security solutions to bridge the gap between security and engineering teams.
Build cooperative partnerships with product and engineering teams to integrate robust security capabilities at scale.
Drive security risk reduction through technical leadership, security reviews, and mentorship across engineering teams.
Twilio is a communications platform that delivers innovative solutions to hundreds of thousands of businesses and empowers millions of developers worldwide to craft personalized customer experiences. The company has a remote-first work culture with a strong focus on connection, global inclusion, and diverse experiences, making a global impact each day.
Lead security strategy and develop scalable practices to protect systems, products, and customers.
Partner with engineering teams to improve resilience, reduce risk, and embed security into development.
Manage security incidents, evaluate emerging technologies, and build a high-performing security team.
The company is a fast-growing technology firm focused on innovation and engineering excellence. It operates with a distributed international team and emphasizes trust, autonomy, and ownership.
Lead deep-dive investigations and coordinate resolution across engineering teams during significant security events.
Drive coordinated response across releases, balancing risk and remediation feasibility to reduce exposure window.
Author postmortems and drive continuous improvement after product security incidents.
ServiceNow is the AI control tower for business reinvention, helping 85% of the Fortune 500 work smarter. They foster an AI-native culture with a focus on innovation, flexibility, and trust.
United StatesCanadaDominican Republic
Unlimited PTO
Lead application and product security across Forward-built, third-party, and AI-built software.
Evolve the pentest program and proactively build AI solutions within the appsec function.
Own remediation workflows and partner with teams to build controls for external exposure.
Forward Financing is a financial technology company that unlocks capital for small businesses across America. They are a recognized Best Place to Work with a remote-first culture and team members across the US, Canada, and Dominican Republic.
Strengthen platform defenses and safeguard customer data against emerging threats.
Lead vulnerability management and incident response for product security events.
Promote secure development practices and manage Security Champions programs.
Jobgether uses AI-powered matching to connect candidates with hiring companies. They process applications and share shortlists with employers, who manage next steps.
Design, build, and operate an AI-augmented red teaming harness using advanced LLM APIs for autonomous vulnerability discovery.
Conduct adversarial testing across external, internal, and privileged perspectives, chaining and validating vulnerabilities.
Collaborate with DevSecOps, SOC, and engineering teams to improve security automation and detection workflows.
This company provides a cloud-based platform for highly security-conscious organizations. It fosters a remote-first culture focused on innovation, ownership, and continuous learning.